Q&A: Sivakumar Radhakrishnan Talks Industrial Cybersecurity

Our cybersecurity expert explains why hackers are increasingly targeting industrial facilities, utilities, and critical infrastructure.

Our cybersecurity expert explains why hackers are increasingly targeting industrial facilities, utilities, and critical infrastructure.

Sivakumar Radhakrishnan, Industrial Cybersecurity Expert

Meet Sivakumar Radhakrishnan

He has spent more than 30 years helping the world’s most successful businesses prevent cyberattacks. His work has taken him to India, Saudi Arabia, UAE, Bahrain, Finland, Jakarta, and South Korea. He’s worked with organizations like Saudi Aramco, Nokia, ESPN, Schneider Electric, Veolia, Dalkia (EDF Group), Vector InfoTech, SBEM, and Philips India.

He was most recently Head of Cybersecurity at TÜV SÜD South Asia and is now part of TÜV SÜD Americas, helping to manage the industrial cybersecurity business. 

In a recent conversation about industrial cybersecurity, Sivakumar explained why hackers are increasingly targeting industrial facilities. He also discussed practical steps organizations can take to protect themselves.

Let’s start with the basics. What is industrial cybersecurity?

Industrial cybersecurity protects Industrial Control Systems (ICS) from cyber threats. Industrial cybersecurity encompasses critical assets like connected machinery as well as infrastructure like electric power, and wastewater treatment utilities. Industrial cybersecurity programs enhance awareness, readiness, and protection against attacks.

Why is protection against industrial cyberattacks so critical?

Industrial cybersecurity is one of the highest critical requirements and cannot be ignored in today’s connected world. Industrial cybersecurity addresses the convergence of information technology (IT) and operational technology (OT). It protects against potentially catastrophic attacks. Take machinery safety for example. If someone hacks into the temperature sensors in a boiler, they can cause the boiler to explode. If someone hacked into a power plant, they could leave an entire city without power for days. The stakes are very high.

Why do hackers see industrial facilities as easier targets than financial institutions or other entities?

Unlike financial institutions and enterprise sectors, industrial facilities lag in terms of their cyber resiliency posture. Despite technology advancements in ICS/OT networks, a significant portion of end users still use plain-text passwords with low encryption when handling legacy protocols. Far too many rely on obsolete operating systems and legacy application systems too. This paves the way for hackers to plan attacks on weaker ICS/OT networks. Plus, patching, updates, and penetration testing doesn’t happen nearly as often as in traditional IT settings because the machinery is rarely shut down once it’s turned on.

What are some critical steps organizations can take to protect their facilities from cyberattacks?

Proactive planning is essential for organizations to protect their facilities from cyberattacks. As the saying goes, “you can't manage what you can't measure.” Conducting periodic cyber resiliency checks, including proactive risk assessments and gap analyses, can help organizations to protect themselves from cyberattacks. 

Can you describe your new role with TÜV SÜD Americas?

My new role will enable me to create a solid backbone for industrial cybersecurity services and provide a one-stop solution for customers requiring comprehensive cybersecurity resiliency, compliance solutions, training on cybersecurity, industrial internet of things (IIoT), and more.

How can TÜV SÜD Americas keep a facility safer from cyberattacks and compliant with standards like NERC CIP?

TÜV SÜD Americas has a three-pillar approach to industrial cybersecurity – awareness, readiness, and protection. The awareness pillar focuses on comprehensive cybersecurity training for the entire workforce. That creates a culture of safety and promotes best practices. The resilience pillar means providing proactive risk assessments to determine the readiness of networks and systems to withstand cyberattacks. The protection pillar focuses on enhancing electronic perimeter security, managed cybersecurity services, and providing various industrial cybersecurity compliance solutions for standards like NERC CIP, NIST frameworks, and IEC 62443.

Next Steps

Site Selector